AMI BIOS Source Code and UEFI Signing Key Found on Public FTP Server

The source code of different versions of AMI ((American Megatrends Inc.) firmware and a unique UEFI signing test key were found on an unsecured FTP server. As such, such a security leak may have grave implications for desktop systems that feature motherboards that operate on the AMI UEFI BIOS.

According to security researcher Adam Caudill, along with the leaked source codes, there is also a unique UEFI signing test key that affects 'Ivy Bridge' platforms. The security implications of their leak may lead to hackers and people with malicious intentions to develop UEFI updates that will be validated and then installed for the vendor’s products that use this ‘Ivy Bridge’ firmware.

The UEFI signing key is meant to be used for firmware authentication; however, if it is compromised, the authenticity of the UEFI BIOS updates will be questionable. Mr. Caudill added that if the same authentication key was to be used in other products, the potential for more damage is subsequently heightened. American Megatrends have officially responded, saying that the leaked signing key is for testing purposes and is not supposed to be used for final production. As a result, products that are sold will not use this key for authentication purposes during their BIOS updates.

Furthermore, the unsecured FTP server wasn't under the purview of AMI as it was operated by one of AMI's customers. Despite this unfortunate security leak, AMI claims that this leak will not compromise the security of systems in the field if the BIOS for the production machines are created using production keys. However, we do raise the possibility of machines in production whose BIOS may be signed with the compromised key and will be potential targets for hackers. As a precautionary note to our readers, it is good practice to disable automatic updates of BIOS of production systems; while at the same time, to manually apply BIOS updates with firmware downloaded from trusted sources.